-
davidben authored
The existing API and implementation were problematic for several reasons. - It is very unclear what algorithms were supported. - Everyone was using it as an enum anyway, but it required copy-and-pasting giant strings all over the codebase. - The API is dangerous. Anyone not using it as an enum (i.e. taking an AlgorithmIdentifier from another source) opens themselves up to accepting any random algorithm and parameters the underlying implementation knew how to parse. - It relies on EVP_get_digestbyobj extracting the hash for RSA-PKCS1-FOO signature OIDs. This is weird and, for EVP_get_digestbyobj, Chromium appears to be one of the only two consumers still relying on this. This is a remnant of OpenSSL's old EVP_Sign* APIs. - The old EVP_get_digestbyobj implementation failed to check that ECDSA public keys weren't used for an RSA algorithm, etc. - The old EVP_get_digestbyobj implementation happily accepted OIDs for hashes as signature algorithm OIDs. This removes a use of openssl/x509.h from //crypto. BUG=499653 Review URL: https://codereview.chromium.org/1679873005 Cr-Commit-Position: refs/heads/master@{#379014}
9c97a36e